[Samba] getenv does not return any AD DOMAIN users or groups - ?nsswitch is not setup for Samba?

Barry D. Adkins Barry at daram.com
Mon Nov 19 03:23:29 UTC 2018


>What is wrong with the Samba wiki, what didn't go exactly like the wiki ?

https://wiki.samba.org/index.php/Maintaining_Unix_Attributes_in_AD_using_ADUC

Well, take this wiki that I'm trying to follow to add the AD uid/gid to the objects. It's helpful and confusing, but maybe because I'm just not informed enough.

I got the property pages to show in AD Users & Computers, but there is no NIS Domain offered to select.  No guidance on that, unless I've done something out of sequence that would have populated that.

It then gives this guidance to perform before you use AD U & C... after it has just led you down the path of using AD U & C.

# Defining the next UID/GID number to use
# Every time a UID/GID number is assigned using Active Directory Users and Computers (ADUC), the next UID/GID number is stored inside the Active Directory. By default, ADUC starts assigning UID and GID numbers at 10000.

# If you set up a new Samba AD and want to use a different start value, you will need to add the counting attributes before using ADUC for the first time:

# ldbedit -H /usr/local/samba/private/sam.ldb -b \
  CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com

# msSFU30MaxUidNumber: 10000
# msSFU30MaxGidNumber: 10000

# With the same command you can change the values. E. g. if you require to start UID numbers at 20000 and GIDs at 50000, adapt the values to your requirements:

# msSFU30MaxUidNumber: 20000
# msSFU30MaxGidNumber: 50000

I don't seem to find an "ldb" file anywhere and since we are using an AD Domain, perhaps there shouldn't be one.

I wouldn't have gone looking for an "ldb" file except for this wiki.

I'll continue to rummage around trying to figure out how to get an entry to choose for the NIS Domain, although I'm not sure what it should be. I would guess it would be the same name as the AD Domain Name. Looking over the above ldbedit command, it seems like it will create an entry of samdom.example.com, or in my case would be samdom.domain.com, but is that what we really want/need to do?

Barry